To enhance the information security protection and data management quality in the University, a consultant study was done and completed in 2016. The recommendations for improving the University’s level of maturity in Information Security and Data Management (“ISDM”) include the implementation of a University-wide ISDM Policy with 3 lines of defence through three phases of development.
The ISDM Policy is built on a common set of foundations of:
- Accountability at faculties/departments/schools/centres/offices and work units;
- Data ownership and stewardship;
- Documentation: data/information/system asset inventory;
- Risk-based data/information/system classification; and
- Training for all levels of staff.
The 3 phases of development are described below:
Phase I: Build Foundation (March 2017 – August 2017)
- Set up governance and supporting parties
- Endorse and issue the new Policy and relevant standards/guidelines
- Align standards/guidelines with the new Policy
- Deliver briefing and training sessions to HKU users
- Implement data/information classification
Phase II: Bridge Gap (September 2017 – August 2018)
- Conduct trainings to HKU users
- Provide guidance to faculties/departments/schools/centres/offices/work units in HKU
- Execute improvement plans
Phase III: Obtain Comfort (September 2018 – August 2019)
- Embed ISDM practices into faculties/departments/schools/centres/offices/work Units in HKU
Colleagues can refer to the ISDM Policy Implementation Website for more information about the ISDM Policy, roles and responsibilities of data owners/stewards/custodians/users, data classification scheme, life cycle of data management and how data should be managed.
In case you have any questions or feedback on the above, please feel free to contact the ISDM Workgroup at firstname.lastname@example.org or 3917 5715.
Data and Security Team
Information Technology Services
Tel: 3917 5952